Default deny rule IPv4 (1000000103)
-
why it has this rule ? how i edit it?
Default deny rule IPv4 (1000000103)
Default deny rule IPv6 (1000000105)
 -
That's the most basic design building block for a firewall, it sets the default policy for the rules to "deny all by default". You can't edit it and that's on purpose.
-
Yeah your not going to want to ever disable the default deny.
You have a couple of options to reduce log spam… You can turn off logging of the default rules, you could create a rule that is same as default deny but do not log it, etc.
I for example do not like the out of state log entries that the default rule logs - I see many of those in your log. So I turn off logging of the default rule, and then just have a block rule at the bottom that logs only SYN traffic.
-
Turning off logging for the default deny is probably the best option, it is only there to draw your attention to what gets logged and if you don't want to see it. Specifically logging only what you want to see is the way to go.
-
why blocck these ip ? i dont understand.
-
-
It would really be nice if it were possible to put rules ahead of the default deny rule. I would use this to block unwanted messages without logging so they don't clutter the log (e.g., IGMP).
-
It would really be nice if it were possible to put rules ahead of the default deny rule. I would use this to block unwanted messages without logging so they don't clutter the log (e.g., IGMP).
Not sure what you mean, but every rule you define is ahead of the default deny rule.
-
^ exactly.. Which is why I stated you could just create a rule - and not log, and so did kpa.
If you the rules you created were below the default deny, then the rules you create would never been used.. Since traffic would be denied before it got to the rule ;)